Use apply block for configuring node groups
This commit is a WIP on the way to accomplishing the one-line commit message goal.
Switch to using apply blocks for node_manager
It took a while to figure out how to do this, but I think this latest iteration actually works.
Merge pull request #28 from puppetlabs/use-node_group-apply
Use node group apply
"puppetserver ca --certname <null>". The inline template is adding a comma and when it goes to run the next iteration it has no value for the certname, causing a failure. This is for a monolithic-master.
Rename module to puppetlabs-peadm
Puppet Enterprise Administration module. This name change is being driven by a desire to standardize on using this module and approach for all deployments of PE. The module already supports more architectures than just Extra Large, so a name change is probably a good idea for that reason too. Really, the purpose of this module is to capture and automate lifecycle administration actions relating to the management of PE. Thus, "peadm".
Merge pull request #31 from puppetlabs/rename-to-peadm
Rename module to puppetlabs-peadm
The pp_role trusted fact is the most-likely-to-be-used trusted fact we have. It's not a good idea to require the use of this one for peadm configuration to work. Instead, encode the information we need for component identification into pp_application. Use puppet/ as a prefix, and attach whatever component role a node has after that. There's a good argument that we shouldn't use pp_application either. We're already using it though so we don't lose anything this way, and we gain the benefit of not using pp_role anymore. So shipping this as an incremental improvement, with room for more improvement in the future.
Merge pull request #33 from puppetlabs/pp_application
Remove use of pp_role
Deploy combined with GCP, macOS, Terraform
This commit includes the changes that were required to automate the deployment of the PE XL architecture when Bolt and Terraform were linked together on macOS, targeted at GCP. The use case being a single Bolt plan that can quickly stamp out new infrastructure for customers. Reasoning for filesize.sh change is because of parameter mismatches between Linux and macOS. Other changes are a result of needing to access nodes using external IP address when initiating automation from outside the cloud provider, e.g. your laptop and requiring that all services are wired together using internal DNS names.
Rename target_host function to target_name
Since we have changes in it to return the name, not the host. This commit just makes the action match the description.
Merge pull request #34 from ody/full_automated_gcp_deploy
Deploy combined with GCP, macOS, Terraform
Update parameter for puppetdb_database_host
Previously, we laid down a parameter from a lower level class instead of the top level parameter from puppet_enterprise. The PE installer does not recognize the lower level class parameter but does recognize the puppet_enterprise parameter.
Fixup commit to apply changes to live content
And clean up old, unused content.
Merge pull request #35 from npwalker/patch-1
Update parameter for puppetdb_database_host
Turns out it doesn't quite work to use the high-level parameter for the compilers.
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 500 on SERVER: Server Error: Classification of ... failed due
to a classification conflict: The node was classified into groups named:
"PE Master B"
"PE Infrastructure Agent"
"All Environments"
"PE HA Replica"
These groups defined conflicting values for class parameters for the classes:
"puppet_enterprise"
Merge pull request #36 from puppetlabs/partial-revert
Partially revert fcd04d0
Rename subdirectory "unit" to "action"
The "action" plans subdirectory contains unit actions that can be performed, and chained together by higher-level plans. While the term "unit" is probably the more technically accurate, "action" is more intuitive as to what these unit plans typically are.
Merge pull request #37 from puppetlabs/unit-to-action
Rename subdirectory "unit" to "action"
Re-add use of raw OIDs to csr_attribute.yaml files
Because we still want to install old versions of PE occasionally, it seems.
Merge pull request #38 from puppetlabs/use-oids
Re-add use of raw OIDs to csr_attribute.yaml files
Make CSR submission version-aware
So that Puppet 5 (PE 2018.1) can be supported.
Merge pull request #43 from puppetlabs/support-2018.1
Make CSR submission version-aware
Rework algorithm to read hiera.yaml from master
So that if the default hiera.yaml changes, the logic will still work, and the source of truth for the contents of hiera.yaml in a deployment managed by peadm is not the peadm module itself.
Merge pull request #44 from tkishel/hiera_classifier_data
configure classifier data in global hiera.yaml
Revert removal of Bolt GH-1244 workaround
Seems like the workaround is still needed. Will investigate, since Bolt GH-1244 is supposed to be resolved.
Add support for Ubuntu platform
Or at least, enough support to try it out.
Because `python` is not available out of the box on Ubuntu. They switched it to `python3`. On CentOS 8 that package is available, but not installed out of box. So ruby is most reliable now for this use case.
Don't trust HOME or USER env variables
On Ubuntu under sudo, it seems to be very wonky. We already have code to compute them based on UID, so let's just always do that and never bother even checking what they come to us as.
Merge pull request #54 from puppetlabs/ubuntu
Add support for Ubuntu platform
Ensure the puppet agent is running post-provision
Previously, the agent was not started on compilers and the replica. Additionally, because the agent was running on the master and postgresql nodes during install, that could sometimes interfere with directed runs. After this commit the Puppet agent is ensured stopped on all systems during provision to ensure full control of Puppet activity, and the agent is resumed at the end of configuration.
Fix bug where standard/large + HA was not detected
The validate_architecture() function had a bug where it did not report HA status correctly for standard/large installs including HA.
This commit ensures the upgrade plan is functional for the peadm module over ssh. The upgrade plan has not been well supported in the past. This commit is a first step and its objective is only base functionality. Additional features such as input validation and orchestrator transport support will need to be added iteratively. As an improvement over the alpha version of this plan, upgrade the PostgreSQL nodes *first*, so that upgrade of the master/replica can proceed without error in the event a major PostgreSQL version is released. Upgrade plan is also annotated with stage separators to make it easier to follow what is going on.
Enforce PATH variable for agent_upgrade.sh
Many of the tasks/plans shipped in PE are brittle and make assumptions about environment variables. By enforcing PATH (and HOME, and USER) in agent_upgrade.sh we hopefully insulate ourselves from the worst of it.
Remove unused parameter to upgrade plan
To reduce confusion. We do not currently support orchestrator transport for upgrades (though that should be coming soon).
Fix missing fully qualified path to puppet exec
Without the fully qualified path, it's not reliable that a system will be able to run the puppet command correctly.
Fix bug in submit_csr when dns-alt-names is null
There was a problem with Ruby not being able to hashify the parsed array of Puppet config output if any of the config items did not have a value. This commit fixes that bug.
Add sign_csr task. This task is as-yet unused
Capturing this work in the event it is useful later, rather than discarding it. It could be used to remove a `run_command()` directive in the action/install plan.
Polish commit for upgrade plan
After upgrade, several changes are consistently made on the master node. This commit runs Puppet on the master once as part of the upgrade to ensure these changes are taken care of at the same time the rest of the upgrade is.
Add support for upgrades using the Orchestrator
Commit includes minor code changes to support this use case, and an addition to the documentation detailing how to upgrade using the Orchestrator transport.